Slashdot Mirror


Feds Thwart Extortion Plot Against Best Buy

hiero writes "From an article in the Star Tribune: 'Federal authorities said Tuesday they thwarted an extortion plot against Best Buy Co. Inc. by a man who sent the company an e-mail threatening to expose what he claimed were weaknesses in the retailer's computer system unless he was paid $2.5 million.' What's really interesting to me, though, is this paragraph further on in the article: 'The federal search warrant was obtained the morning of Oct. 24 and allowed the FBI, with Best Buy's cooperation, to use an Internet device known as an Internet Protocol Address Verifier. It contained a program that automatically sent back a response to Best Buy after the company sent a message to the e-mail address. The response allowed investigators to identify Ray as the sender of the e-mail threats, according to the government.' Internet Protocol Address Verifier? Is this Carnivore in action?"

45 of 942 comments

  1. Just a little "bug" in the mail, silly wabbit by Kwelstr · · Score: 5, Informative

    Easy does it. You don't need a big surveillance program, just add a bug to your email that "grabs" the reader's IP addy and voila!

    Easy does it, apply the KISS principle to life.

    --


    ~~~Please pass the salt, I hate unsalted MD5s :-/
    1. Re:Just a little "bug" in the mail, silly wabbit by wljones · · Score: 5, Informative

      Go to http://www.grc.com . It will probably give back the IP address of the caller along with an explanation of how anyone can do this. Steve Gibson goes on to say that anonymity is not easy on the Internet, and assuming your messages are anonymous is foolish.

    2. Re:Just a little "bug" in the mail, silly wabbit by Anonymous Coward · · Score: 1, Informative

      dclydew was referring to the THREAT not being successfully carried out, not whether any extortion was successful which, as you point out, we would probably never hear about from a news report.

      In this case, "Weathersby" was not capable of carrying out the identical threats he made to a number of different companies.

  2. Verifier by N8F8 · · Score: 3, Informative

    I did something similar once. I put a tiny transparent image URL in a letter to try to get the IP address of someone. Then I monitored the server logs where the image was hosted.

    --
    "God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
    1. Re:Verifier by Anonymous Coward · · Score: 1, Informative

      "I did something similar once. I put a tiny transparent image URL in a letter to try to get the IP address of someone. Then I monitored the server logs where the image was hosted."

      something like this

  3. Re:Internet Protocol Address Verifier? Pfft... by Lumpy · · Score: 4, Informative

    no, you are dead wrong.

    I can send you an email right now that will only get you to that mail server's address. There is no way in hell you can get my IP address out of it. And then if you try and subpoena that company there is no real information in there about me except one IP address that leads to an http anonymizer... so now you have to subpoena that and hope I didn't do a second hop and was stupid enough to use the first two inside a country that will gladly bend over for your government.

    your tactic was useful 10 years ago... today it's mostly useless.

    --
    Do not look at laser with remaining good eye.
  4. Re:I think... by TehHustler · · Score: 1, Informative

    Which is why I always use display as text only mode.

    --

    TheHustler
    http://www.elmarko.org/ - Useless bilge
    http://www.asylum-games.co.uk/ - Co-Founder
  5. What carnivore does. by Chrysophrase · · Score: 5, Informative

    Over here there is a Congressional Statement of what Carnivore "officially" does, or is "allowed" to do. One paragraph of this statement:

    Carnivore is a very effective and discriminating special purpose electronic surveillance system. Carnivore is a filtering tool which the FBI has developed to carefully, precisely, and lawfully conduct electronic surveillance of electronic communications occurring over computer networks. In particular, it enables the FBI, in compliance with the Constitution and the Federal electronic surveillance laws, to properly conduct both full communications' content interceptions and pen register and trap and trace investigations to acquire addressing information.

    gives us the gist of it. So yes, this may very well be Carnivore in action.

    --
    "It usually starts with some screaming. Afterwards there is much running around."
  6. So now what the white caps do is...publish! by TyrranzzX · · Score: 2, Informative

    When you find a bug, no matter how serious, with someone's system, publish it. Why do I speak such insanity? I reverse engineer hardware and some software for fun; if I find a bug I'll report it because I'm a nice person and I'd like it to get fixed. I understand that our society works only because the black caps have realized when they found a doomsday bug that implementing it would mean they turn society into hell and they'd be right in the middle of it. I'd like to make a difference and help to defend myself by helping others out; this is how I convince my selfish self to help others.

    So, since you don't want to treat me with respect like I treat you with respect, from now on I won't be nice or treat you with respect. I'll publish your flaws for all to see. It can be as big a publication as slashdot or bugtraq, or as small a publication as telling my friends and throwing it up on p2p.

    I guess we'll have to teach them what happens when they treat us with no respect. This is a decision every white cap has to make for themselves.

    I, for one, am done playing the part of the nice martyr. The day I get arrested and incarcerated for releasing information I or someone I know researched because someone doesn't like losing money is the day we no longer live in a free country, and the day I go black cap. Believe me, I don't want it to come to that, I like my steak and potatoes and living in a nice house, but if that's where it's going I am going to defend my hobby.

  7. Re:Web bug (Handy for job application e-mails) by mosschops · · Score: 5, Informative

    > You can't turn off HTML in M$ LookOut

    Oh yes you can - something I rely on to avoid spammers using the same trick!

    > this dude doesn't sound very clued up

    My thought exactly ;-)

  8. Their flaws have been published before by wathead · · Score: 4, Informative

    Anyone that reads 666, otherwise known as the hacker quarterly, knows about all the problems in Best Buy's network.
    It even goes in depth on how to get into their private network from a display PC.
    How to find info on hiring and firing people etc.
    How to order stuff and have it sent.

  9. Re:IP Address Verifier == web bug by spongman · · Score: 2, Informative
    had the extortionist had his mail client set up like mine, he wouldn't have had his IP "verified".
    or if he'd been using Outlook 2003, which by default doesn't download images or objects contained within an HTML message.

    that reminds me, when was the last time outlook actually allowed you to click an executable attachment and have it run? it had to be 2000, pre sp1, no?

  10. If he had used spammer techniques.. by Karl+Prince · · Score: 5, Informative
    would they have caught him

    and a few other ways of hiding yourself, as below

    1. Dedicated firewalled Linux Laptop with WLAN, and changing MAC
    2. WarDrive around for an unsecured internet connection.
    3. Use proxies from unsecured PCs, lists available from DBL providers, or your Email server logs.
    4. Set up a web mail account, and send business proposal.
    5. WarDrive to other access point for continuing dialog
    6. Travel around a bit to avoid setting a Wardrive pattern

    I would think this would be very difficult to trace without social engineering

    --

    mailto:EatSpamAndDie@princeweb.com
    1. Re:If he had used spammer techniques.. by azaris · · Score: 2, Informative

      1. Dedicated firewalled Linux Laptop with WLAN, and changing MAC
      2. WarDrive around for an unsecured internet connection.
      3. Use proxies from unsecured PCs, lists available from DBL providers, or your Email server logs.
      4. Set up a web mail account, and send business proposal.
      5. WarDrive to other access point for continuing dialog
      6. Travel around a bit to avoid setting a Wardrive pattern

      That's a good start, but if they really wanted they'd still have something to track him down by. First you'd have to wardrive around someplace you have no connections. Otherwise the FBI could simply round up all known crackers with connections to a geographical location.

      Secondly, if he's posted material on the Internet under a known pseudonym it might be possible to do some kind of lexical analysis to find similarities in the extortion e-mails and publicly posted stuff.

      Some of the wireless network owners might have paid attention to the vehicle parked outside and tipped off the FBI upon hearing of the compromise.

      If Best Buy keeps server logs for a certain period of time they could mine them to find traces of intrusion attempts (assuming this guy wasn't bluffing).

  11. Re:I think... by D4MO · · Score: 2, Informative

    Not in the latest outlook.

    --

    Rocket science is easy. Neurosurgery, now *that's* difficult.
  12. Re:is carnivore bad? by Anonymous Coward · · Score: 5, Informative

    Is this Carnivore in action?

    No, it isn't. Like another poster said, this is really just a web bug. Carnivore is a sophisticated system for parsing billions of e-mails and flagging interesting things like threats against the President for analysts to examine, but has nothing to do with validating return addresses or anything like that.

    The only way to actually know that someone is actually receiving your e-mail at a particular location is to include a web bug that reports their IP address back to you, by opening a socket connection directly to something on a server you own (e.g. an image). So either include an image in the e-mail which is requested from your server, or include a trojan that "phones home" when they run it.

    It works. Try it the next time you want to see who's really spamming you. Just send a web bug to whatever the response address is they want you to contact, (you know, for your Nigerian money-laundering instructions), and then examine your server logs carefully to find out where they really are in the world. Of course, you could also send them a backdoor if you wanted, instead of just a beacon, but I would never countenance such uncivilized behavior :)

  13. 666? I thought it was 2600! by Viol8 · · Score: 3, Informative

    I guess the DTMF has changed!

    OK, that's a bit obscure, but a real hacker will know what I mean.

  14. Re:U.S. government surveillance by Anonymous Coward · · Score: 1, Informative
    The U.S. government does more world-wide surveillance than any government ever has.
    Of course the tools are better today, such as satellites, electronic means of all sorts. One would suppose that the Nazis and the KGB of the former Soviet Union did a lot of snooping, although on a tech level more appropriate to the then-times. Perhaps China also. And of course Iraq under Saddam Hussein. Mostly people-to-people spying and snooping.

    Also, the Allies during WWII did a lot of snooping and spying. Churchill referred to WWII as the "Wizard War", because of all the high-tech radar, radio, etc. being used then. Also, the code-breaking going on, and the capture of the Enigma machine from the Nazis opened up new avenues of spy-stuff for the Allies.


    A whole lot of USA's current surveillance is done by machines, sorting data for humans to look over, and find out answers.

  15. Uhh... by Anonymous Coward · · Score: 3, Informative

    Hey dumbass! If you had bothered to do even the simplest of searches, you would find out that Best Buy stopped doing this long ago.

  16. Re:IP Address Verifier == web bug by Anonymous Coward · · Score: 1, Informative

    > My client, actually, is the (rightfully) much maligned Microsoft Outlook, but I
    > don't have a problem with web bugs, because my firewall only allows Outlook to
    > connect to one address -- my domain's mail server -- and only to two ports at
    > that address, ports 110 and 25.

    Why don't you use Thunderbird? Does the fact that the `new email` icon doesn't go away when you've read all the new email bug you that much?

  17. Not Carnivore.. by ganiman · · Score: 2, Informative

    I don't think this is Carnivore in action. It's just not how it works. Carnivore is a box that would be in place at the user's ISP, not at Best Buy.

    Education:
    http://computer.howstuffworks.com/carnivore.htm

    --
    geek n performer who performs morbid or disgusting acts, as biting off the head of a live chicken
  18. Re:Please Think Before Exposing Paranoia by Glamdrlng · · Score: 5, Informative

    I disagree. If a private citizen were being extorted for 2.5 mil, the feds would be willing to get involved. It's when the script kiddy down the street is extorting the local cyber cafe for free coffee that the feds won't touch it. Last I checked, the loss had to be above $5000 for the feds to investigate computer crime. That was a couple years ago though, don't know what it is now.

    --

    Yes, my only tool is a hammer. And you're starting to look like a nail.
  19. Re:Please Think Before Exposing Paranoia by I8TheWorm · · Score: 5, Informative

    $5000 is still the low cutoff for felony theft... anything below is a misdemeanor and gets handled at the local level.

    --
    Saying Android is a family of phones is akin to saying Linux is a family of PCs.
  20. Re:IP Address Verifier == web bug by Safety+Cap · · Score: 4, Informative
    > I don't have a problem with web bugs, because my firewall only allows Outlook to connect to one address ...

    Does your firewall only allow IE to connect to one address? When you view a message under Outlook, it uses IE to render the page.

    --
    Yeah, right.
  21. Re:IP Address Verifier == web bug by erc · · Score: 1, Informative

    Uh, don't you mean pine or elm or mutt? Lynx is a web browser.

    --
    -- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
  22. Re:I think... by EddWo · · Score: 4, Informative

    Exactly. But Outlook 2003 doesn't display images in HTML emails by default, nor will Outlook Express after XP SP2.
    If you want to see the images you have to request them to be downloaded, or add the sender to your list of trusted sites.

    --
    "Taligent is still pure vapor. Maybe they'll be the last who jumps up on Openstep... "
  23. Re:Web bug (Handy for job application e-mails) by Ayaress · · Score: 2, Informative

    Everybody applying for a government job goes through a counterterrorism check. I wanted to get a part-time job at the local Secretary of State office. All I would do is sit there and take driver's license pictures and hand them to the lady who entered the information into the computer. However, they decided I was a potential terrorist. Apparently, I'm safe enough to go out and buy a gun, watch people's children or pets, or even substitute teach in an elementary school, but I'm too dangerous to take driver's license photos.

    It's not smart, or correct, but that's just the way it is.

  24. Re:IP Address Verifier == web bug by DickBreath · · Score: 2, Informative

    The firewall might be a software such as ZoneAlarm configured so that the Outlook program specifically, but not IE, is restricted to what IP's and ports it can connect to.

    My first thought when I hear firewall is a "real" firewall, where the only granularity of restrictions would be by IP addresses and ports, types of packets, etc., but without the ability to tie restrictions to a specific program such as Outlook.

    --

    I'll see your senator, and I'll raise you two judges.
  25. And why would a web bug be illegal ? by SomethingOrOther · · Score: 2, Informative

    No law prevents putting an image in a HTML e-mail YTC !
    The fact the image happens to be served from a server for which I have access to the logs is irrelevant. Many people include a photo (as opposed to a 1x1 gif) in a job application mail. This image could easily be delivered from a remote server (under your control) rather than be attached to the e-mail. After all, the remote machine requested that image! (since the user runs a HTML-enabled mail client)

    Please think before posting !

    --
    Anyone quoted by a reporter knows how little they understand
    Don't believe what you read is the truth.
  26. Re:Moral of the story: by zonix · · Score: 2, Informative
    For any black-mail (male?) scheme [...]

    Here's a handy little trick:

    $ look blackma

    blackmail
    blackmailed
    blackmailer
    blackmailers
    blackmailing
    blackmails
    Blackman

    Or just use dictionary.com. :-)

    z
    --
    What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
  27. Re:is carnivore bad? by dcocos · · Score: 2, Informative

    So who would you rather have spying on you? The FBI, who has to deal with tons of paperwork to even start spying on you, then needs to make a strong case that you are a criminal worthy of prosecution?

    Apparently you are not aware of the civil rights oversight requirements removed in the "Post September 11th" world. Do a search on "sneak and peek".

  28. Ask the reporter? by Doco · · Score: 4, Informative

    Didn't anyone else think that maybe just asking the reporter would do the trick? His email address is right at the bottom of the article.

    <sarcasm> oh wait - this is slashdot right - only two people actually read the article. </sarcasm>

    I emailed Mr. David Phelps asking what an "Internet Protocol Address Verifier" was and his brief reply was the following.

    "it's commonly referred to as a web bug. i used the term as contained in the government's search warrant."

    So while the theorizing here did come up with that as a possibility - it also came up with lots of other BS.

    Now the bizarre thing is that the feds used such a weird term. Then again, to a judge or lawyer the term "web bug" probably seems pretty bizarre.

    1. Re:Ask the reporter? by Ayaress · · Score: 2, Informative

      WebBug is a common term used to describe actions taken by spammers to track their targets. With the government trying to crack down on spam (or at least acting like they're trying. Doesn't seem to be working from my end), that word would look bad on the wrong side of a US vs. So-and-So case filing. Instead, they use a long term that sounds very complex and difficult. For example, they don't call Carnivore Carnivore in court. They have a complex name (Forget what it is, but if I remember right, it has the number 2000 in it, to make it sound even more important).

      The thing to keep in mind is that the judge and jury probably won't know technology all that well. WebBug would sound just like them saying "we put a bug on the suspect's phone." They don't say that, because it sounds bad, and it doesn't sound very hard. They usually say something like, "We put a standard electronic wire-tap surveillance device on the suspect's landline analog communications line." It sounds complex, difficult, and important, and landline analog communications line just SOUNDS like something you'd only use if you were up to no good.

  29. Re:I think... by throughthewire · · Score: 3, Informative
    ...those stupid spams that consist completely of random words (which makes little sense to me - there's often absolutely no content in there)

    Those are intended to skew the statistics on Bayesian filters.

  30. Re:However, a bug says: "you're being bugged" by Anonymous Coward · · Score: 1, Informative

    0110 1101 0101 1011 1001 0010!

  31. Re:is carnivore bad? by macho · · Score: 5, Informative

    If you're looking for sources of information, Ward Churchill and Jim Vander Wall's book Agents of Repression: The F.B.I.'s Secret Wars Against the Black Panther Party and the American Indian Movement (South End Press) is a good start. When large numbers of readers refused to believe the stuff they had written (even though it extensively referenced the FBI's own documents), they did a follow-up book that just reprinted the FBI material called The COINTELPRO Papers: Documents from the FBI's Secret Wars Against Dissent in the United States. Harder to disbelieve that, I guess.

  32. Re:Learn somethin' new each day... by Glonoinha · · Score: 2, Informative

    Outlook Express - Right click on the incoming email, click Properties. Select the Details tab. Click the Message Source button. Brings up the entire email as a text file that you can read, and it effectively does it without actually touching the email, flagging it as read, or processing any of the embedded code.

    Any email I get that is obvious spam gets deleted unread. Any email I get that is questionable, I do this to and generally delete it after seeing what is in the Message Source.

    --
    Glonoinha the MebiByte Slayer
  33. Re:IP Address Verifier == web bug by Neophytus · · Score: 3, Informative

    > When you view a message under Outlook, it uses IE to render the page

    I think you just answered your own question. OE, among many other Windows apps, uses the IE API to access and render pages, but the programs connect by themselves. As such, firewallable.

  34. Re:is carnivore bad? by lonesome+phreak · · Score: 3, Informative

    Tons of paperwork?

    Obviously you haven't heard of the Patriot Act, or the Domestic Security Enhancement Act.

    http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12263&c=206

    * The government no longer has to show evidence that the subjects of search orders are an "agent of a foreign power," a requirement that previously protected Americans against abuse of this authority.
    * The FBI does not even have to show a reasonable suspicion that the records are related to criminal activity, much less the requirement for "probable cause" that is listed in the Fourth Amendment to the Constitution. All the government needs to do is make the broad assertion that the request is related to an ongoing terrorism or foreign intelligence investigation.
    * Judicial oversight of these new powers is essentially non-existent. The government must only certify to a judge - with no need for evidence or proof - that such a search meets the statute's broad criteria, and the judge does not even have the authority to reject the application.
    * Surveillance orders can be based in part on a person's First Amendment activities, such as the books they read, the Web sites they visit, or a letter to the editor they have written.
    * A person or organization forced to turn over records is prohibited from disclosing the search to anyone. As a result of this gag order, the subjects of surveillance never even find out that their personal records have been examined by the government. That undercuts an important check and balance on this power: the ability of individuals to challenge illegitimate searches.

    It goes on and on. Where there once was vast amounts of paperwork, now a simple "it's a terrorist judge, sign this" and it's done.

    Now, as long as that is used only against what most of us consider a "terrorist" (ie, a person who wishes to physically and violently attack non-military targets for the sake of influencing political opinion), I don't personally mind too much. In Tulsa, we have a building that is a 1/3 (or somewhere around there) replica of the World Trade Center (or what used to be the WTC). We also had a terrorist act in OKC. But I have a strong suspicion (backed up by numerous historical incidents) that these powers WILL be abused against our citizens that are not really "terrorists". The problem is that the bill(s) have passed, and are now in enforcement.

    Not that this really has anything to do with what the FBI did. I applaud them in apprehending this individual, and find it somewhat funny that it was done with such a simple method.

    --
    Maybe we DID take the blue pill. You wouldn't remember anyway.
  35. Re:per-process firewall by redjeremy · · Score: 4, Informative

    Have a look at the 'owner' match extension to iptables:

    --cmd-owner name
    Matches if the packet was created by a process with the given command name. (this option is present only if iptables was compiled under a kernel supporting this feature)
  36. Re:I think... by autechre · · Score: 2, Informative

    That's great, and I'm glad Microsoft has addressed this issue, but there's still a large percentage of Internet users with Windows 98. Think they're using Outlook 2003? People who are always using the latest software are probably not the targets of scammers who have a need to track your email.

    --
    WMBC freeform/independent online radio.
  37. Re:I think... by Tmack · · Score: 4, Informative
    Though this trick will work for ANY html tag that accesses the external server. It doesn't have to be an image. It could be a style sheet, a simple link for the moron to click, or any element that requires access to the server to get content. As soon as it accesses the server to load said content, that IP is logged. The only way to avoid it is simply to use an email browser that ONLY displays the email contents (raw), and won't load external content (without asking first). Just another reason I still use pine.

    Tm

    --
    Support TBI Research: http://www.raisinhope.org
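The comments above (N8F8's transparent image, the Anonymous Coward's "include an image which is requested from your server", and Tmack's point that any tag fetching external content will do) all describe the same leak: the mail client makes a request, and the request carries the reader's IP address. The script below is an added example, not code from the thread or from any mail client. It shows what a client or mail gateway has to look for in order to block that leak: it parses a constructed MIME message, takes the text/html part, and lists every reference that would be fetched on render (images, stylesheets, scripts, frames, background attributes, CSS url()) separately from links that only fire on a click. The set of auto-loading tags and attributes is an assumption about what typical clients honour, and tracker.example.invalid is a made-up host.

```python
"""List the remote references in an HTML e-mail that a rendering client would fetch.

Added example, not code from the Slashdot thread. cid: and data: references
are local to the message and skipped; anchors are reported separately because
they only contact the server if the reader clicks them.
"""
import email
import re
from email.message import Message
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a client fetch a URL while rendering. This is an
# assumed set; real clients differ in exactly which of these they honour.
AUTO_LOAD_ATTRS = {
    "img": ("src", "lowsrc", "dynsrc"),
    "link": ("href",),
    "script": ("src",),
    "iframe": ("src",),
    "frame": ("src",),
    "embed": ("src",),
    "object": ("data",),
    "input": ("src",),
    "body": ("background",),
    "table": ("background",),
    "td": ("background",),
}
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")]+)['"]?\s*\)""", re.IGNORECASE)


def is_remote(url: str) -> bool:
    """True if fetching this URL would contact a remote host (and so reveal the reader's IP)."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return scheme in ("http", "https", "ftp") or (scheme == "" and url.startswith("//"))


class RemoteRefFinder(HTMLParser):
    """Collects remote URLs, split by whether they load automatically or on click."""

    def __init__(self):
        super().__init__()
        self.auto = []    # (where, url) fetched as soon as the message is rendered
        self.click = []   # (where, url) fetched only if the reader follows a link
        self._in_style = False

    def _add_css_urls(self, where, css):
        for url in CSS_URL.findall(css):
            if is_remote(url):
                self.auto.append((where, url))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in AUTO_LOAD_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if value and is_remote(value):
                self.auto.append((tag, value))
        if attrs.get("style"):                      # inline CSS: background-image:url(...)
            self._add_css_urls(f"{tag}[style]", attrs["style"])
        if tag == "a" and attrs.get("href") and is_remote(attrs["href"]):
            self.click.append((tag, attrs["href"]))
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:                          # url() in an embedded stylesheet
            self._add_css_urls("style", data)


def html_body(msg: Message) -> str:
    """Return the decoded text/html part of a MIME message, or '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def find_remote_refs(raw_message: str):
    """Parse a raw RFC 822 message and return (auto_load_refs, click_refs)."""
    finder = RemoteRefFinder()
    finder.feed(html_body(email.message_from_string(raw_message)))
    finder.close()
    return finder.auto, finder.click


# Constructed sample message; tracker.example.invalid is a made-up host.
SAMPLE_MESSAGE = """\
From: sender@example.invalid
To: reader@example.invalid
Subject: business proposal
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Please read the attached proposal.
--b1
Content-Type: text/html; charset=us-ascii

<html><head>
<link rel="stylesheet" href="http://tracker.example.invalid/s.css">
<style>body { background: url("http://tracker.example.invalid/bg.png"); }</style>
</head><body>
<p>Please read the <a href="http://tracker.example.invalid/proposal?id=42">proposal</a>.</p>
<img src="cid:logo@example.invalid" alt="logo">
<img src="http://tracker.example.invalid/pixel.gif?id=42" width="1" height="1">
<div style="background-image:url(https://tracker.example.invalid/div.png)"></div>
</body></html>
--b1--
"""

if __name__ == "__main__":
    auto, click = find_remote_refs(SAMPLE_MESSAGE)
    print("Fetched on render (reveals the reader's IP just by opening the message):")
    for where, url in auto:
        print(f"  {where:12} {url}")
    print("Fetched only on click:")
    for where, url in click:
        print(f"  {where:12} {url}")
```

Run on the sample, the render-time list has four entries (the stylesheet, the url() inside the style block, the 1x1 pixel, and the inline-styled div) while the cid: logo is ignored; the link in the paragraph lands in the click list. A client that shows the raw source (as Glonoinha describes for Outlook Express) or refuses remote content until asked (as EddWo describes for Outlook 2003) never issues any of those four requests, which is exactly why such a client defeats an "Internet Protocol Address Verifier".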
  38. Re:My Outlook doesn't call IE by M-G · · Score: 2, Informative

    Yes, when you click a link. But Outlook is still using the IE engine to render any HTML-formatted messages.

    I hope you're keeping up with the IE security fixes, and not assuming that you're safe just because Moz is your default browser.

  39. Re:is carnivore bad? by Sivaram_Velauthapill · · Score: 4, Informative
    I hope you read this post because I am going to justify everything I said as much as I can. I can't guarantee that I can find sources for everything. Some of the links I cited aren't 100% related to my point but they are the best I can find without spending even more hours searching for links.

    Maybe you'll learn something... just maybe.

    Sivaram Velauthapillai
    --
    Sivaram Velauthapillai
    Seeking the meaning of life... @slashdot of all places ;)
  40. Re:What he did is still illegal by michaelhood · · Score: 1, Informative

    So if I install a fountain for 'users', in front of our office, and someone takes it apart and damages it.. what is that?